DEV Community

Discussion on: Token vs Session Authentication

supunkavinda profile image
Supun Kavinda

In JWT, to validate the token, doesn't the server need to save it in a database? Doesn't it require space?

Or else, how is the validation done?

vasilevskialeks profile image
Aleksandar Vasilevsk Author

The JWT is signed from the server with a private key and then it is sent to the client, so the server can verify the token if it's legit or not.